CVE - CVE-2008-2809

CVE-ID
CVE-2008-2809	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2 URL:http://www.securityfocus.com/archive/1/483929/100/100/threaded BUGTRAQ:20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 URL:http://www.securityfocus.com/archive/1/483960/100/100/threaded BUGTRAQ:20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 URL:http://www.securityfocus.com/archive/1/483937/100/100/threaded BUGTRAQ:20080708 rPSA-2008-0216-1 firefox URL:http://www.securityfocus.com/archive/1/494080/100/0/threaded MISC:http://nils.toedtmann.net/pub/subjectAltName.txt CONFIRM:http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 CONFIRM:http://www.mozilla.org/security/announce/2008/mfsa2008-31.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=240261 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=327181 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=402347 CONFIRM:https://issues.rpath.com/browse/RPL-2646 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0216 DEBIAN:DSA-1607 URL:http://www.debian.org/security/2008/dsa-1607 DEBIAN:DSA-1615 URL:http://www.debian.org/security/2008/dsa-1615 DEBIAN:DSA-1621 URL:http://www.debian.org/security/2008/dsa-1621 DEBIAN:DSA-1697 URL:http://www.debian.org/security/2009/dsa-1697 FEDORA:FEDORA-2008-6127 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html FEDORA:FEDORA-2008-6193 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html FEDORA:FEDORA-2008-6196 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html FEDORA:FEDORA-2008-6706 URL:https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html FEDORA:FEDORA-2008-6737 URL:https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html GENTOO:GLSA-200808-03 URL:http://security.gentoo.org/glsa/glsa-200808-03.xml MANDRIVA:MDVSA-2008:136 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 MANDRIVA:MDVSA-2008:155 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 REDHAT:RHSA-2008:0547 URL:http://www.redhat.com/support/errata/RHSA-2008-0547.html REDHAT:RHSA-2008:0549 URL:http://www.redhat.com/support/errata/RHSA-2008-0549.html REDHAT:RHSA-2008:0569 URL:http://www.redhat.com/support/errata/RHSA-2008-0569.html REDHAT:RHSA-2008:0616 URL:http://rhn.redhat.com/errata/RHSA-2008-0616.html SLACKWARE:SSA:2008-191-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 SLACKWARE:SSA:2008-210-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 SLACKWARE:SSA:2008-191 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 SUNALERT:256408 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 SUSE:SUSE-SA:2008:034 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html UBUNTU:USN-619-1 URL:http://www.ubuntu.com/usn/usn-619-1 UBUNTU:USN-629-1 URL:http://www.ubuntu.com/usn/usn-629-1 BID:30038 URL:http://www.securityfocus.com/bid/30038 OVAL:oval:org.mitre.oval:def:10205 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205 SECUNIA:34501 URL:http://secunia.com/advisories/34501 SECUNIA:31076 URL:http://secunia.com/advisories/31076 VUPEN:ADV-2008-1993 URL:http://www.vupen.com/english/advisories/2008/1993/references SECTRACK:1018979 URL:http://securitytracker.com/id?1018979 SECTRACK:1020419 URL:http://www.securitytracker.com/id?1020419 SECUNIA:30911 URL:http://secunia.com/advisories/30911 SECUNIA:30878 URL:http://secunia.com/advisories/30878 SECUNIA:30898 URL:http://secunia.com/advisories/30898 SECUNIA:30903 URL:http://secunia.com/advisories/30903 SECUNIA:30949 URL:http://secunia.com/advisories/30949 SECUNIA:31005 URL:http://secunia.com/advisories/31005 SECUNIA:31008 URL:http://secunia.com/advisories/31008 SECUNIA:31069 URL:http://secunia.com/advisories/31069 SECUNIA:31023 URL:http://secunia.com/advisories/31023 SECUNIA:31183 URL:http://secunia.com/advisories/31183 SECUNIA:31195 URL:http://secunia.com/advisories/31195 SECUNIA:31220 URL:http://secunia.com/advisories/31220 SECUNIA:31253 URL:http://secunia.com/advisories/31253 SECUNIA:31377 URL:http://secunia.com/advisories/31377 SECUNIA:31286 URL:http://secunia.com/advisories/31286 SECUNIA:31403 URL:http://secunia.com/advisories/31403 SECUNIA:31021 URL:http://secunia.com/advisories/31021 SECUNIA:33433 URL:http://secunia.com/advisories/33433 SREASON:3498 URL:http://securityreason.com/securityalert/3498 VUPEN:ADV-2009-0977 URL:http://www.vupen.com/english/advisories/2009/0977 XF:mozilla-altnames-spoofing(43524) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43524
Assigning CNA
N/A
Date Entry Created
20080620	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080620)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org